backup: got it working for email + some improvements

2023-07-15 14:51:11 +01:00 · 2023-07-15 14:51:11 +01:00 · 3a28291933
commit 3a28291933
parent 03fa2255c3
2 changed files with 28 additions and 18 deletions
--- a/applications/email.nix
+++ b/applications/email.nix
@ -16,13 +16,6 @@
    ./dns.nix
  ];
  /*
  backups = [
    "/var/vmail"
    "/var/dkim"
  ];
  */
  options.services.skynet_email = {
    # options that need to be passed in to make this work
@ -94,6 +87,13 @@
  };
  config = mkIf cfg.enable {
    services.skynet_backup = {
      normal.backups = [
        "/var/vmail"
        "/var/dkim"
      ];
      host = { ip = cfg.host.ip; name = cfg.host.name; };
    };
    age.secrets.ldap_pw.file = ../secrets/ldap/pw.age;
--- a/applications/restic.nix
+++ b/applications/restic.nix
@ -30,16 +30,20 @@
    # then pull relevant dtails
    ownServers = builtins.listToAttrs (builtins.concatLists (
      lib.attrsets.mapAttrsToList (key: value:
        let
          backup = value.config.services.skynet_backup;
        in
        if (
          (builtins.hasAttr "skynet_backup" value.config.services)
-          && (value.config.services.skynet_backup.server.enable)
+          && backup.server.enable
-          && (!value.config.services.skynet_backup.server.appendOnly)
+          && backup.host.name != cfg.host.name
          && !backup.server.appendOnly
        )
        then [
          {
-            name = value.config.services.skynet_backup.host.name;
+            name = backup.host.name;
            value = base // {
-              repositoryFile = "/etc/skynet/restic/${value.config.services.skynet_backup.host.name}";
+              repositoryFile = "/etc/skynet/restic/${backup.host.name}";
              backupPrepareCommand = ''
                #!${pkgs.stdenv.shell}
@ -50,14 +54,13 @@
                mkdir -p $baseDir
                cd $baseDir
-                #touch ${value.config.services.skynet_backup.host.name}
+                echo -n "rest:http://root:password@${backup.host.ip}:${toString backup.server.port}/root/${cfg.host.name}" > ${backup.host.name}
                echo -n "rest:http://root:password@${value.config.services.skynet_backup.host.ip}:${value.config.services.skynet_backup.server.port}/root/${value.config.services.skynet_backup.host.name}" > ${value.config.services.skynet_backup.host.name}
                # read in teh password
                #PW = `cat ${config.age.secrets.restic.path}`
                line=$(head -n 1 ${config.age.secrets.restic.path})
-                sed -i "s/password/$line/g" ${value.config.services.skynet_backup.host.name}
+                sed -i "s/password/$line/g" ${backup.host.name}
              '';
            };
@ -134,8 +137,8 @@
        enable = mkEnableOption "Skynet backup Server";
        port = mkOption {
-          type = types.str;
+          type = types.port;
-          default = "8765";
+          default = 8765;
        };
        appendOnly = mkOption {
@ -155,8 +158,15 @@
      pkgs.restic
    ];
    # A list of all login accounts. To create the password hashes, use
    # nix-shell -p apacheHttpd
    # htpasswd -nbB "" "password" | cut -d: -f2
    age.secrets.restic.file    = ../secrets/backup/restic.age;
-#    age.secrets.backblaze.file = ../secrets/backup/backblaze.age;
+
    networking.firewall.allowedTCPPorts = [
      cfg.server.port
    ];
    services.restic.backups = ownServers // {
      # merge teh two configs together
@ -179,7 +189,7 @@
    services.restic.server = mkIf cfg.server.enable{
      enable = true;
-      listenAddress = "${cfg.host.ip}:${cfg.server.port}";
+      listenAddress = "${cfg.host.ip}:${toString cfg.server.port}";
      appendOnly = cfg.server.appendOnly;
      privateRepos = true;
    };